BookmarkSubscribeRSS Feed
th1agol1ma12
Fluorite | Level 6

Hello guys,

I need to synchronize my LDAP users with the SAS metadata. I was trying to adapt the code provided by SAS (importad.sas), but due to the lack of knowledge in LDAP functions and SAS programming, I am not able to move forward. I wonder if anyone here has already done this, and if so, if you could share the solution with me.

 

Details:

- LDAP Oracle 11.1.1.7

- SAS 9.4 M4


Thank you for your attention.

9 REPLIES 9
Damo
SAS Employee

Hi @th1agol1ma12

 

Usage Note 40628 (Automating the addition of users and groups to a SAS® Metadata Repository) would be a good starting point.

It references the documentation SAS® 9.4 Intelligence Platform: Security Administration Guide and sample code.

 

Hope that helps.

 

Cheers,
Damo

th1agol1ma12
Fluorite | Level 6
Hi @Damo,

Thanks for your response, I started working with this link, however it does not provide many details of the loading process using LDAP, only Active Directory
Damo
SAS Employee

Hi @th1agol1ma12

 

I'm not expert but I think LDAP is the protocol used for Active Directory, so instructions should work for you.

 

Cheers,

Damo

th1agol1ma12
Fluorite | Level 6
Hi @Damo,

Yes, but I was not successful at running the LDAP server. The return of SAS support was that the script is directed only to AD and that it has no documentation for LDAP
th1agol1ma12
Fluorite | Level 6
On documentation sended by support: For other formats, the first step is to figure out how to extract the data from your authentication provider. If you have LDAP, you might be able to modify the Active Directory sample for your purposes.

Has anyone made this adaptation yet?
saspert
Pyrite | Level 9

1) Any update/resolution on this issue. From my past experience,

2) In the past, I found myself deleting SAS users manually in metadata who are no longer on the payroll. Would this fix automate this process?

3) What kind of backups do I need to do before trying this?

 

PS: Can we move this thread to SAS Administrators group from the programming group for more visibility ? 

 

Thanks,

gwootton
SAS Super FREQ

1. The importad.sas program has defaults specific to Active Directory, but as has been mentioned the program uses LDAP to pull from Active Directory so can be modified to pull from another LDAP provider. The differences would be in mapping attributes between LDAP and Metadata. This is defined in the ldapextrpersons and ldapextrgroups macros defined in importad.sas. At the beginning of each is an attrs section that specifies the names of the attributes to pull from LDAP, then there are a series of if statements that say if attrName = one of the LDAP attributes then set the value of metadata attribute to the value. Modifying those two sections allow you to go from Active Directory to another LDAP provider.

2. Once you have importad.sas successfully pulling the information you want from LDAP, you can use Sample Code for User Synchronization to use importad.sas to pull the information from LDAP and compare that with what is in Metadata, removing from Metadata those not present in the LDAP table. This is not a function of importad.sas by itself.

3. I would take a Metadata backup prior to running this in case it removes users that should remain, or adds users you don't want.

--
Greg Wootton | Principal Systems Technical Support Engineer

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • 3583 views
  • 0 likes
  • 5 in conversation